An attach-srv config line usually looks like this: tcp-request session attach-srv be/srv name ssl_c_s_dn(CN)
The name is a key that is used when looking up connections in the connection pool. Without this patch you'd get an error if you passed anything other than "ssl_c_s_dn(CN)" as the name expression. Now you can pass arbitrary expressions and it will just warn you if you aren't producing a configuration that is RFC compliant. I'm doing this as I want to use `fc_pp_unique_id` as the name. --- src/tcp_act.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tcp_act.c b/src/tcp_act.c index a88fab4af..4d2a56c67 100644 --- a/src/tcp_act.c +++ b/src/tcp_act.c @@ -522,8 +522,7 @@ static int tcp_check_attach_srv(struct act_rule *rule, struct proxy *px, char ** if ((rule->arg.attach_srv.name && (!srv->use_ssl || !srv->sni_expr)) || (!rule->arg.attach_srv.name && srv->use_ssl && srv->sni_expr)) { - memprintf(err, "attach-srv rule: connection will never be used; either specify name argument in conjunction with defined SSL SNI on targeted server or none of these"); - return 0; + ha_warning("attach-srv rule: connection may never be used; usually name argument is defined SSL SNI on targeted server or none of these"); } rule->arg.attach_srv.srv = srv; -- 2.34.1